We still don’t know for certain who the people behind the Lapsus$ hacking group are, but some cybersecurity researchers think they have a pretty good idea.
An investigation by Bloomberg claims that Lapsus$ counts just seven members, with the mastermind behind the whole operation allegedly being a teenage boy from the UK.
The alleged ringleader is either 16 or 17 years of age, and lives with his mother “about five miles outside of Oxford University”. Bloomberg’s investigators reportedly talked to his mother over an intercom, but she did not allow direct communication with her son, and added that she knew nothing of any allegations made against him.
Members in Brazil
Other than saying that four researchers were involved in the investigation, Bloomberg did not name any names - although The Verge found that online security expert Brian Krebs had managed to link some Lapsus$ members back to certain individuals.
Another team member allegedly lives in Brazil. One of them is so skilled that researchers first thought it was a bot, and not an actual human, doing some of the work.
So far, the only things the researchers can publicly state are the aliases these people were allegedly using, and these include “white”, “breachbase”, “Oklaqq” and “WhiteDoxbin”. These aliases probably belong to no more than two individuals.
The Lapsus$ cybercrime group quickly rose to fame. Late last year, it attacked the endpoints of Impresa, Portugal’s biggest media conglomerate, taking down multiple websites, TV channels, AWS infrastructure, and Twitter accounts.
Later, it struck the websites of Brazil’s Ministry of Health (MoH), suspending Covid-19 vaccination efforts in the country.
Soon after that came high-profile names from the tech industry: Nvidia, Samsung, Ubisoft, Okta, and possibly even Microsoft.
The group leaked 190GB of Samsung’s internal data, containing the source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations; algorithms for all biometric unlock operations; bootloader source code for all recent Samsung devices; confidential source code from Qualcomm; source code for Samsung’s activation servers; full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.
Law enforcement agencies have not yet made any statements regarding this investigation and no charges have been pressed just yet.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.